﻿<?php
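// Login handler: checks the posted e-mail/password pair against the database and,
// on a single matching row, sets the login cookies and redirects to the user's space.
// Every other outcome redirects back to index.php with msg=error.
//
// NOTE(review): if this file is saved with a UTF-8 BOM, the BOM is sent as output
// before session_start()/header()/setcookie(); without output buffering those calls
// then fail with "headers already sent". Save the file without a BOM.

//Start session
session_start();

//Array to store validation errors
// NOTE(review): nothing visible in this file reads $errmsg/$errflag after they are
// filled in; presumably they were meant to be handed to index.php - confirm.
$errmsg = array();
$errflag = false;

// email and password sent from form.
// A missing field or a non-string value (e.g. an array parameter) is treated as empty,
// so it is rejected by the checks below instead of raising notices further down.
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$mypassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

if ($email === '') {

	$errmsg[] = "请输入邮箱登陆";
	$errflag = true;
	header("Location:./index.php?msg=error");
	exit; // stop here: a Location header alone does not end the script
} else if ($mypassword === '') {
	$errmsg[] = "请输入密码";
	$errflag = true;
	header("Location:./index.php?msg=error");
	exit;

} else {
	// Presumably opens the MySQL connection and defines $t_users / $t_salt - confirm.
	include_once('./func_dbc.php');

	// Escape each value once for the query and use the escaped form there.
	// The earlier code ran stripslashes() over the result of clean(), which removed the
	// backslashes mysql_real_escape_string() had just added, so quote characters in the
	// input reached the SQL text unescaped.
	$sql_email = clean($email);
	$sql_password = clean($mypassword);

	// Unescaped forms, computed exactly as before, so the cookie values do not change.
	$myemail = stripslashes($sql_email);
	$mypassword = stripslashes($sql_password);

	// NOTE(review): the query compares the submitted password as-is with t2.password
	// (an md5() digest was computed here before but never used), so the stored values
	// are presumably not hashed - confirm, and migrate to password_hash()/password_verify().

	//query from DB to validate
	$sql="SELECT * FROM $t_users t1 join $t_salt t2 on t1.saltId = t2.saltId 
	WHERE t1.email='$sql_email' and t2.password='$sql_password';";
	$result = mysql_query($sql);

	// A failed query is handled like "no match" rather than passing false to mysql_num_rows().
	$num = ($result === false) ? 0 : mysql_num_rows($result);

	// Exactly one row must match the e-mail/password pair.
	if ($num == 1) {
		$row = mysql_fetch_array($result);
		$userid = $row['userId'];

		// setup user cookie, Up to 3-hours login
		// NOTE(review): these cookies are sent without the Secure and HttpOnly flags, and
		// "mypassword" keeps the clear-text password in the browser for three hours. They
		// are left unchanged because other pages may read them; prefer server-side session
		// state (after session_regenerate_id()) and drop the password cookie.
		// NOTE(review): if other pages trust the "userid" cookie to identify the user,
		// a client can set it to any value - confirm how it is consumed.
		setcookie("myemail", $myemail, time()+10800, "/" , "", 0);
		setcookie("mypassword", $mypassword, time()+10800, "/" , "", 0);
		setcookie("userid", $userid, time()+10800, "/" , "", 0);

		header("Location:./space/self_front.php");
		exit;
	} else {
		// No match, several matches, or a query failure: the caller only ever sees the
		// generic error redirect.
		$errmsg[] = '输邮箱与密码不符';
		$errflag = true;
		header("Location:./index.php?msg=error");
		exit;
	}
}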


	/**
	 * Prepare a request value for use inside a quoted MySQL string literal.
	 *
	 * Trims the value, undoes PHP's automatic magic-quotes escaping when that
	 * setting is on (so the value is not escaped twice), then escapes it with
	 * mysql_real_escape_string().
	 *
	 * The result is only meant to be placed between quotes in a query; callers
	 * must not run stripslashes() on it afterwards, as that removes the escaping.
	 *
	 * @param string $str raw value from the request
	 * @return string escaped value
	 */
	function clean($str) {
		// Errors from trim() (e.g. a non-string argument) are suppressed by the @ operator.
		$value = @trim($str);
		$value = get_magic_quotes_gpc() ? stripslashes($value) : $value;
		return mysql_real_escape_string($value);
	}
?>